Awesome Opheliac Posted July 19, 2010 Share Posted July 19, 2010 This is a registration script I am working on, I have included the form and the script. basically I created the script and then when nothing would happen i put in some numbered echo's at certain key points, basically so that if it stopped or missed a number i would know where the code went wrong, unfortunately it went to the end, and even echoed the correct variables, so this may actually be a problem with my SQL, thus why it is in the title. the script has a variety of comments in there, I like to comment heavily in my code so that if I read it in a few years I'll know what it does. The Form: registration_form.php <form id="form1" name="form1" method="post" action="process_registration.php"> <table width="0" border="0"> <tr> <td>Desired Username</td> <td><label> <input type="text" name="desired_username" id="desired_username" /> </label></td> </tr> <tr> <td><p>Password</p></td> <td><label> <input type="password" name="pass1" id="pass1" /> </label></td> </tr> <tr> <td>Confirm Password</td> <td><label> <input type="password" name="pass2" id="pass2" /> </label></td> </tr> <tr> <td>Shop name</td> <td><label> <input type="text" name="shopname" id="shopname" /> </label></td> </tr> <tr> <td>Age</td> <td><label> <select name="day" id="day"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option> <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option> <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option> <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option> <option value="29">29</option> <option value="30">30</option> <option value="31">31</option> </select> <select name="date" id="date"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> </select> </label></td> </tr> <tr> <td>Email</td> <td><label> <input type="text" name="email" id="email" /> </label></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td><label> <input type="submit" name="submit" id="submit" value="Submit" /> </label></td> </tr> </table> </form> The Processing page: process_registration.php <?php //Benjamin Civitico - Creator () //lets connect to the database require_once('/connection/connect.php'); $table = 'users'; //should connect to a list of usernames and passwords. //lets start by gathering all the values $usernamet = $_POST["desired_username"]; $pass1 = $_POST["pass1"]; $pass2 = $_POST["pass2"]; $day = $_POST["day"]; $month = $_POST["date"]; $shopname = $_POST["shopname"]; $email = $_POST["email"]; echo"1"; //lets start by seeing if the password is the same if ("$pass1" == "$pass2") { $password = hash('sha512', "$pass1");//if they are then define the password with hash and sha512 security =) } else { $_SESSION['register'] = 1; // this sets error as 1 header ('location:index.php?menu=register'); //if it fails take them to the registration fail page and tell them to try again =( die; } echo"2"; //now lets check the username against the existing usernames $test = mysql_query("SELECT * FROM $table WHERE username = '$usernamet'");//this will see if the username exists in the table mysql_error(); if (mysql_num_rows($test)>= 1)// if the username exists the rows will be 1 or more, if it doesnt exist, it will be zero { $_SESSION['register'] = 2; // this sets error as 2 header ('location:index.php?menu=register');//sends the user to the registration fail page if they dont succede die; } else { $username = "$usernamet";//if the username doesnt exist then it will be ready for the database $_SESSION['register'] = 3; //if it gets to here everything is good and so it needs the positive session } echo"3"; //now lets check the shopname against the existing shopnamess $test1 = mysql_query("SELECT * FROM $table WHERE S_name = '$shopname'");//this will see if the shop name exists in the table mysql_error(); if (mysql_num_rows($test1)>= 1)// if the username exists the rows will be 1 or more, if it doesnt exist, it will be zero { $_SESSION['register'] == 2; // this sets error as 2 header ('location:index.php?menu=register');//sends the user to the registration fail page if they dont succede die; } else { $s_name = "$shopname";//if the shopname doesnt exist then it will be ready for the database $_SESSION['register'] = 3; //if it gets to here everything is good and so it needs the positive session } echo"4"; // now lets put all the confirmed data into a database mysql_query("(INSERT INTO $table (access, username, password, day, month, email, cash, S_name, g_chance, m_chance, luck) VALUES ('0','$username','$password','$day','$month','$email','2000','$s_name',','1','1','50'))"); mysql_error(); //header ('location:index.php?menu=register'); echo"final ('0','$username','$password','$day','$month','$email','2000','$s_name',','1','1','50')"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/ Share on other sites More sharing options...
PFMaBiSmAd Posted July 19, 2010 Share Posted July 19, 2010 You would need to echo the value that mysql_error() returns. Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088181 Share on other sites More sharing options...
Kevin.Arvixe Posted July 19, 2010 Share Posted July 19, 2010 Change this: $test = mysql_query("SELECT * FROM $table WHERE username = '$usernamet'");//this will see if the username exists in the table mysql_error(); To this: $test = mysql_query("SELECT * FROM $table WHERE username = '$usernamet'") or die (mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088184 Share on other sites More sharing options...
Kevin.Arvixe Posted July 19, 2010 Share Posted July 19, 2010 Also, please be kind to your system admins.... mysql_real_escape_string(); $usernamet = mysql_real_escape_string($_POST["desired_username"]); $pass1 = mysql_real_escape_string($_POST["pass1"]); $pass2 = mysql_real_escape_string($_POST["pass2"]); $day = mysql_real_escape_string($_POST["day"]); $month = mysql_real_escape_string($_POST["date"]); $shopname = mysql_real_escape_string($_POST["shopname"]); $email = mysql_real_escape_string($_POST["email"]); Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088185 Share on other sites More sharing options...
Awesome Opheliac Posted July 21, 2010 Author Share Posted July 21, 2010 thanks for all of the suggestions. fixed up the code, now i get this error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO users (access, username, password, day, month, email, cash, S_name, ' at line 1 any suggestions?? Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088938 Share on other sites More sharing options...
TheEvilMonkeyMan Posted July 21, 2010 Share Posted July 21, 2010 INSERT INTO users VALUES (access, username, password, day, month, email, [...] Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088959 Share on other sites More sharing options...
Awesome Opheliac Posted July 21, 2010 Author Share Posted July 21, 2010 if u look above at the original code i already have the values there Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088960 Share on other sites More sharing options...
TheEvilMonkeyMan Posted July 21, 2010 Share Posted July 21, 2010 No it's not... process_registration.php line 69: mysql_query("(INSERT INTO $table (access, username, password, day, month, email, cash, S_name, g_chance, m_chance, luck) VALUES ('0','$username','$password','$day','$month','$email','2000','$s_name',','1','1','50'))"); You need to add VALUES or it's an invalid query and you will get an SQL error. Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088961 Share on other sites More sharing options...
Awesome Opheliac Posted July 21, 2010 Author Share Posted July 21, 2010 i followed what you said 1234You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO users VALUES (access, username, password, day, month, email, cash, S' at line 1 same error, the thing is i already have values where the values acctually are, the subheadings after users are the columns of the table Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088989 Share on other sites More sharing options...
Awesome Opheliac Posted July 21, 2010 Author Share Posted July 21, 2010 just thought i would post the updated code so far <?php //Benjamin Civitico - Creator () //lets connect to the database require_once('/connection/connect.php'); $table = 'users'; //should connect to a list of usernames and passwords. //lets start by gathering all the values $usernamet = mysql_real_escape_string($_POST["desired_username"]); $pass1 = mysql_real_escape_string($_POST["pass1"]); $pass2 = mysql_real_escape_string($_POST["pass2"]); $day = mysql_real_escape_string($_POST["day"]); $month = mysql_real_escape_string($_POST["date"]); $shopname = mysql_real_escape_string($_POST["shopname"]); $email = mysql_real_escape_string($_POST["email"]); echo"1"; //lets start by seeing if the password is the same if ("$pass1" == "$pass2") { $password = hash('sha512', "$pass1");//if they are then define the password with hash and sha512 security =) } else { $_SESSION['register'] = 1; // this sets error as 1 header ('location:index.php?menu=register'); //if it fails take them to the registration fail page and tell them to try again =( die; } echo"2"; //now lets check the username against the existing usernames $test = mysql_query("SELECT * FROM $table WHERE username = '$usernamet'") or die (mysql_error());//this will see if the username exists in the table if (mysql_num_rows($test)>= 1)// if the username exists the rows will be 1 or more, if it doesnt exist, it will be zero { $_SESSION['register'] = 2; // this sets error as 2 header ('location:index.php?menu=register');//sends the user to the registration fail page if they dont succede die; } else { $username = "$usernamet";//if the username doesnt exist then it will be ready for the database $_SESSION['register'] = 3; //if it gets to here everything is good and so it needs the positive session } echo"3"; //now lets check the shopname against the existing shopnamess $test1 = mysql_query("SELECT * FROM $table WHERE S_name = '$shopname'");//this will see if the shop name exists in the table if (mysql_num_rows($test1)>= 1)// if the username exists the rows will be 1 or more, if it doesnt exist, it will be zero { $_SESSION['register'] == 2; // this sets error as 2 header ('location:index.php?menu=register');//sends the user to the registration fail page if they dont succede die; } else { $s_name = "$shopname";//if the shopname doesnt exist then it will be ready for the database $_SESSION['register'] = 3; //if it gets to here everything is good and so it needs the positive session } echo"4"; // now lets put all the confirmed data into a database mysql_query("(INSERT INTO $table (access, username, password, day, month, email, cash, S_name, g_chance, m_chance, luck) VALUES ('0','$username','$password','$day','$month','$email','2000','$s_name',','1','1','50'))") or die (mysql_error()); //header ('location:index.php?menu=register'); echo"final ('0','$username','$password','$day','$month','$email','2000','$s_name',','1','1','50')"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1088999 Share on other sites More sharing options...
PFMaBiSmAd Posted July 21, 2010 Share Posted July 21, 2010 Your INSERT query has a ( before the INSERT keyword and a matching ) at the end. Those two ( and ) don't belong there. Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1089157 Share on other sites More sharing options...
Awesome Opheliac Posted July 22, 2010 Author Share Posted July 22, 2010 wow, thanks, that seems to have solved the problem thanks to everyone who helped me clean up this script in the process feel free to close this and marked it as solved Quote Link to comment https://forums.phpfreaks.com/topic/208162-phpsql-registration-script/#findComment-1089527 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.